Ask the Expert: Unleash your inner IT superhero with EMC’s next-gen customer experience roll-out and ESRS v3 Virtual Edition

Blagoja.SagaMK wrote: Hi, i have a problem were ESRS-VE is sending encrypted notifications to EMC and the customer. No encryption is set in ConnectEMC on VMAX. Customer is asking so he can read the notifications.

Hi,  the ESRS VE sends notifications for connect home transfer failures and optionally on success.  But it doesn't include the file that was transferred.  I'd suspect that notifications are enabled on the VMAX and if that is the case you would need to contact VMAX support to see if the encryption can be disabled.  It's my understanding that it's enabled by default even though the settings may not reflect it.

2 questions:

1) Can you use ESRS-VE without Policy Manager and block remote access session requests?  (i.e.: Can you set the default to always deny)

2) Is there an 'rpm' available to install ESRS-VE in a non VMware or Hyper-V environment?  (i.e.: KVM)

Yes – the new scheme has been locked in for some time and will not change.  (Any edit to the document updates the “last modified” date – and we update the document as we incorporate feedback / questions about the change.) Yes – the new IP scheme contains a new and expanded ESRS back end which will allow us to bring our customers a true next-gen proactive service and support experience. Not only are we ramping up overall speed, stability, security, and performance, we are also setting the stage for even more feature rollouts in the near future. We want customers to allow both sets of IP addresses now – and we plan to retire the older IP addresses near the end of the first half of 2016.  We will let customer know when those IP addresses are retired so they can be removed from any “allow” lists you may have. I'm checking on an answer for the update of the network check tool -

We're running ESRSv3 with three network cards.

1st Network - ESRS to Internet
2nd Network - ESRS to VNX Admin Subnet
3rd Network - ESRS to XtremIO Admin Subnet

Problem is that XtremIO is not able to communicate (call home) via HTTPS on port 443 to ESRS Server (no firewall in between). SMTP to ESRS Port 25 is working.
Looks like HTTPS is not listen an all network cards.

Netstat is showing that port 443 is only listen on 2nd (VNX Admin) Network.

How could we managed to get 443 listen on all networks?

Yan Faubert wrote: 2 questions: 1) Can you use ESRS-VE without Policy Manager and block remote access session requests?  (i.e.: Can you set the default to always deny) 2) Is there an 'rpm' available to install ESRS-VE in a non VMware or Hyper-V environment?  (i.e.: KVM)

Hi,   The Policy Manager is required to manage remote access requests.   By default it will allow connections - but if you installed a PM and set to policy to Ask for Approval or Always Deny and the PM is unavailable it will deny connections.   If your organization doesn't allow remote access, you can always just not deploy the device but still configure the device to use the ESRS VE for call homes.   Call homes and remote access aren't mutually exclusive.

As for a rpm - there is no version available as an application to install within your own operating system.  Currently only VMware and Hyper-V are officially supported, but if you want to use KVM have your account team submit a RPQ and we'll get in touch.   Thank you,

-Patrick

MaK wrote: We're running ESRSv3 with three network cards. 1st Network - ESRS to Internet 2nd Network - ESRS to VNX Admin Subnet 3rd Network - ESRS to XtremIO Admin Subnet Problem is that XtremIO is not able to communicate (call home) via HTTPS on port 443 to ESRS Server (no firewall in between). SMTP to ESRS Port 25 is working. Looks like HTTPS is not listen an all network cards. Netstat is showing that port 443 is only listen on 2nd (VNX Admin) Network. How could we managed to get 443 listen on all networks?

Hi,  most likely the hostname assigned to the NIC is not the same as the host name of the system.   Please log in as root, run yast , select Network Devices > Network Settings.   Edit the XIO subnet NIC and verify the hostname is set to what the server's hostname is set to Hostname/DNS page.   If that doesn't do it, please open a SR and we'll work with you to resolve.   Thank you,

-Patrick

During the setup of ESRS VE, if we point to a bogus IP for Policy Manager, will it allow us to complete the install and default to 'deny' for remote access (since PM is not available)?

Our auditors require that all EMC dial-ins via ESRS be accompanied by an EMC SR. This should be a simple matter of the EMC employee filling in the SR# box when initiating an ESRS connection; however, since the box is optional, it isn't always filled in.

Would there be a way, via PM or otherwise, to make entering an SR required? We would like to avoid having EMC request ESRS access for each dial in, which is our only other option.

Are you wanting to use the Never Allow option of the Policy Manager to always deny remote access to EMC when they attempt to remote access to a device?

As you pointed out the field is optional, there is no way to require the field to be filled in.  If the information is required, the best option is to have the EMC analyst call or email the information to your company and provide the required information.

Currently, our PM is set to Always Allow since we do not want to delay EMC should they need to dial in. We are trying to find a balance between satisfying our auditors and allowing EMC to react quickly to events on our arrays.

Does EMC have any plans to make the SR# field in ServiceLink required, via PM or otherwise? Could it even be done?

Hi Patrick,

you're right, i entered the Hostname to all Networkcards and HTTP listener is now running on all ip addresses.

netstat -an |grep 443

thank you very much,

Marco

Are there instructions for settings up ESRS VE in HA mode that doesn't require EMC's involvement?

I've 2 Sites (West and East). There are devices at both locations. Planning to setup ESRS GW at both locations. EAST ESRS GW will have all devices in EAST Coast location. Secondary ESRS GW for EAST Location will be West Coast ESRS GW. Similarly West ESRS GW will have all devices in West Coast location. Secondary ESRS GW for West Locations will be East Coast.

I understand there is limitation of 250 devices in each ESRS GW.

In above configuration each device will get registered at both locations (Primary and Secondary ESRS GW)?

If I've 150 devices at EAST Location and 150 devices at WEST Location that means my ESRS GW and Primary and Secondary location will have 300 devices or 150 devices registered?

Isilon clusters each node is considered as a devices and that will make a lot of devices in ESRS GW.

Thank you,
Rash

Yan Faubert wrote: Are there instructions for settings up ESRS VE in HA mode that doesn't require EMC's involvement?

Hi,   currently setting up ESRS in HA mode requires someone from EMC to cluster them on our backend.  Enabling it to be done by the customer is being worked on.  Thank you,

-Patrick